Microsoft is offering big money if you can hack Teams

Microsoft’s Security Response Center (MSRC) has announced a new bounty program for any ethical hackers able to unearth vulnerabilities in Microsoft Teams.

Like all major software vendors, Microsoft operates a number of bug bounty programs that offer rewards to external developers for highlighting shortcomings in its apps. The new Microsoft Applications Bounty program is specifically designed to identify security gaffes in apps such as the Teams desktop client.

Microsoft Teams has rapidly grown over the past year to become one of the most important online collaboration platforms around as remote working grew in response to the Covid-19 pandemic.

“Microsoft and security researchers across the planet continue to partner to help secure customers and the technologies we use for remote collaboration,” says Lynn Miyashita, Program Manager, MSRC.

Bounties up to $30,000

Miyashita adds that the new bounty program is an extension of the existing efforts to ensure the security of the app. 

The program’s goal is to uncover significant technical vulnerabilities that Microsoft says should have a demonstrable and direct impact on the security of the users of the Teams desktop client. The program offers bounties ranging from $500 to $30,000. 

MSRC has identified five critical scenarios that do the maximum damage, and bounties for vulnerabilities affecting those start at $6,000. Vulnerabilities outside the purview of these five scenarios pay between $500 and $15,000.

While the Teams desktop client is currently the only application that’s listed under the new Applications Bounty program, Miyashita says that they’ll soon expand the scope of the program to include other apps as well. 

The news comes shortly after Microsoft announced a host of new security features for Teams, including limited end-to-end encryption (E2EE) functionality. This additional protection will be available to paying users and will initially apply to one-on-one meetings only, although Microsoft has hinted that E2EE will be extended to other meeting types further down the line.

Rival video conferencing service Zoom found itself in hot water at the start of the pandemic, when it emerged that claims that its meeting participants were protected by full end-to-end encryption were unfounded.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.